My point about the target disk mode was not that it was the start--I know it's a higher-level function dependent on the DMA, but unless I am mistaken here, the Mac's firmware (not the operating system) does have some control here, which is one way to block someone using Target Disk mode from accessing your system (which bypasses the OS as well; I don't think it bypasses the CPU though). It's the firmware I'm getting at here, and the lockdowns to protect your machine that I'm getting at.

RE: Maybe...
I think you're chasing the starting point of a circle. Target Disk mode works because of the DMA capabilities within the FireWire protocol. The DMA capabilities don't exist because of the Target Disk mode. This is why the vector is completely cross-platform. Any machine that correctly supports the OHCI interface will allow an external device to initiate a DMA session with the host so that data may move between RAM and device without slowing the user experience, because the CPU is not involved. It just so happens that if you craft a malicious "device", it will make requests for the DMA controller to read from RAM wherever you want it to without going through the operating system, which means logical access controls the OS puts in place and memory protections the CPU puts in place are bypassed completely.